NCS CA - Good PDF

Title NCS CA - Good
Author Anonymous User
Course Electronics and communication
Institution Visvesvaraya Technological University
Pages 8

VISVESVARAYA TECHNOLOGICAL UNIVERSITY BELAGAVI-590014

CASE STUDY ON FIREWALL RISK ASSESSMENT

Submitted by
Harsha D S (1DT17EC028)
Harshitha H H (1DT17EC029)
Jyothi Rawat (1DT17EC032)
Kalva Madhav Rao (1DT17EC034)

Department of Electronics and Communication Engineering

DAYANANDA SAGAR ACADEMY OF TECHNOLOGY AND MANAGEMENT
Udayapura, Kanakapura Road, Bangalore-560082, 2020-2021

INTRODUCTION

A firewall risk assessment is a detailed assessment of a firewall topology and configuration that has been implemented to protect your information, systems, applications, and overall business operation. A firewall is a network security device that monitors incoming and outgoing traffic and allows or blocks data packets based on its own security rules. A data packet is a unit of data made into a single package that travels along a defined network path. Internet Protocol (IP) transmissions use data packets for data that navigates the Web, and in other types of networks. The purpose of a firewall is to maintain a barrier between your internal network and incoming traffic from external sources like the internet. The firewall can block unwanted traffic like viruses and hackers.

Network security is a wide term that covers many technologies, devices and processes. It is a set of rules and configurations that protect the integrity, confidentiality and accessibility of computer networks and data using software and hardware technologies. Every company needs some network security solutions in place to keep it safe from the growing landscape of cyber threats taking place worldwide. These vulnerabilities can exist in a range of areas such as devices, data, applications, users and locations. There are various network security management tools and applications that we use to deal with individual threats and regulatory non-compliance. It is essential to follow these firewall security measures. This assessment will help an organization to improve and maintain the various tiers of its network and to prevent hackers and viruses from disrupting business operations and stealing data.

ConnectDS are cyber security specialists based in the South East of England. By using ConnectDS, we can perform advanced cyber security services, including in-depth firewall assessments for the business, to determine the current effectiveness of network security and to ensure cyber security measures meet the technical requirements of the business whilst complying with any required regulations. Firewalls must be assessed and reviewed on an ongoing basis so that we can maintain effectiveness in securing the company. We can implement measures in line with best practice and we can customize our approach to the business. We can operate consistently with firewall change management and help to increase the chances of identifying weaknesses in security systems before they become dangerous. We can prevent the data from being compromised by cyber attackers.

The firewall is the first line of defence against threats from outside the business, so it is essential for the firewall to be effective. Having a firewall gives you a false sense of security if skilled experts don’t configure and assess it to make sure your company is not vulnerable to the various cyber threats in play in the modern world. ConnectDS’s firewall assessment service includes an evaluation of the firewall’s features and their uses so that we can identify any areas that can be further optimized. We will check whether any of these features are limiting capability and work to make them perform better. The majority of modern advanced threats are targeted at users, so it is important that we review the level of perimeter control to the internet from within the network. This review allows us to appreciate the risks that can take place as well as ensuring effective configuration across your company.

Eight-Stage Methodology

This risk assessment of a generic, hypothetical firewall employs the Security-Specific Eight-Stage Risk Assessment Methodology, henceforth referred to as the eight-stage methodology. The eight stages of the methodology are illustrated in the figure, The Eight-Stage Model. In the figure, time flows from left to right. The internal influences are depicted as squares. The external influence (a security-related attack) to the system is depicted as a triangle. The consequences are depicted as circles. The objective of the security system is to prevent unwanted consequences of the security attack by employing the activities represented in the squares. The consequences, represented by circles, will occur if these activities are insufficient.

One of the major principles of the model is that a system under attack has three opportunities to reduce the resultant harm: before the attack occurs, after the attack occurs but before a security breach occurs, and after a security breach occurs but before the resultant harm occurs.

When performing an assessment, we assess more than the firewall itself. We include both the automated security mechanisms of the firewall and the procedural requirements levied on the users and administrators. We refer to this without ambiguity as the “system”. The eight-stage model is used to evaluate this system.

Performing an assessment using the eight-stage methodology involves two major steps:
• data gathering
• construction of eight-stage chains of security relevant events and performing the quantitative analysis

DATA GATHERING:

The steps to gather the data for the assessment are:
1. Obtain the definition of the security boundary and the interfaces that will be defended by the firewall, both automatically and procedurally. The definition should be provided in the security policy.
2. Obtain the list of system assets to be protected, what constitutes a security breach, the associated harm that could befall the assets, and a quantitative loss per asset if it were compromised, modified by an unauthorized agent, or its availability were lost. This list should also be provided in the security policy.
3. Delineate the attack scenarios that will (and will not) be defended against, and the likelihood of occurrence of each. For firewall assessments, we have collected a long list of attack scenarios that cover most insider and outsider attacks.
4. Delineate each of the system's countermeasures that protect it against attack. A determination is made for each countermeasure if it is used to obstruct, detect or recover from an attack, or to detect or recover from a security breach. This distinction is used to support the quantitative assessment of each countermeasure's effectiveness.

EXAMPLE

The example firewall that we can use is an amalgamation of the actual systems that we have assessed. The asset values, likelihoods, and effectiveness measures used in the example are drawn from these assessments.

• Firewall is a host using IP-based filtering
• external router connected to the Internet
• LAN supports various computer platforms
• critical application data
  » company proprietary data
  » financial and privacy act data

The example allows only the following data flows:
• e-mail in both directions
• both internal and external hosts are allowed to "ping" the firewall (for connectivity testing)
• both in-coming and out-going Domain Name Service (DNS) requests
• non-anonymous File Transfer Protocol (ftp)
• World Wide Web.

Gathering Data: Table 1, Security Policy, synopsizes the example firewall's security policy. While the security policy should be provided by the system owner, in all of our assessments that was not the case and developing the security policy was our first task. The table is divided into three sections: the security boundary, the automated defenses of the firewall, and procedural defenses which are the responsibility of the users and administrators.

Table 1: Security Policy

Constructing the Chains and Performing the Analysis

Since space does not permit reproducing the results of all attack scenarios, we have selected two representative samples. A typical assessment would have approximately 80 chains. The first example, Table 5, Automated Attack Scenario, illustrates an attack against which the firewall is designed to protect. The second, Table 6, Human Error Scenario, illustrates the type of human error against which the firewall cannot protect itself.
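
A sketch of the quantitative step for two chains, added here as an illustration and not taken from the case study or from the eight-stage methodology itself. The multiplicative model, the grouping of countermeasure roles under the three opportunities to reduce harm, and every frequency, loss and effectiveness value are assumptions.

```python
from dataclasses import dataclass, field

# Countermeasure roles from data-gathering step 4, grouped (by assumption)
# under the three opportunities to reduce harm described for the model.
OPPORTUNITY = {
    "obstruct_attack": "before_attack",
    "detect_attack": "before_breach",
    "recover_attack": "before_breach",
    "detect_breach": "before_harm",
    "recover_breach": "before_harm",
}
ORDER = ("before_attack", "before_breach", "before_harm")

@dataclass
class Chain:
    scenario: str
    events_per_year: float   # likelihood of occurrence (constructed value)
    loss_per_event: float    # quantitative loss for the asset (constructed value)
    countermeasures: list = field(default_factory=list)  # (name, role, effectiveness)

def pass_through(chain):
    """Fraction of events that gets past each of the three opportunities."""
    p = dict.fromkeys(ORDER, 1.0)
    for name, role, eff in chain.countermeasures:
        if role not in OPPORTUNITY or not 0.0 <= eff <= 1.0:
            raise ValueError(f"bad countermeasure entry: {name!r}")
        p[OPPORTUNITY[role]] *= 1.0 - eff   # assumed: independent, multiplicative
    return p

def annual_loss(chain):
    """Expected yearly loss after every countermeasure has had its chance."""
    p = pass_through(chain)
    survive = p["before_attack"] * p["before_breach"] * p["before_harm"]
    return chain.events_per_year * survive * chain.loss_per_event

def unused_opportunities(chain):
    """Opportunities at which the system has no countermeasure at all."""
    used = {OPPORTUNITY[role] for _, role, _ in chain.countermeasures}
    return [o for o in ORDER if o not in used]

# Constructed chains, loosely shaped like the two scenarios named in the text.
CHAINS = [
    Chain("automated attack from the Internet", 50, 20000, [
        ("IP filter rule", "obstruct_attack", 0.875),
        ("log review", "detect_attack", 0.5),
        ("restore from backup", "recover_breach", 0.5),
    ]),
    Chain("administrator error in the rule set", 4, 20000, [
        ("periodic configuration review", "detect_breach", 0.5),
    ]),
]

def ranked(chains):
    return sorted(chains, key=annual_loss, reverse=True)
```

With these constructed numbers the rare human-error chain outranks the frequent automated attack, because two of its three opportunities carry no countermeasure.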

Assessing this example firewall highlights the requirement that a security policy must be in place before the methodology can be applied. This requirement gives rise to two problems. The first is that many organizations, particularly commercial businesses suddenly coming to grips with the risks of being attached to the Internet for the first time, are in imminent danger. The immediacy of their need for security overrides the rational requirement for a well-reasoned, comprehensive policy. It's not even clear that many of the responsible policy-makers would know how to state their policy requirements.

The second problem comes in translating between the security policy and the firewall implementation. Since the policy maker and the firewall administrator are usually different individuals, they may be unclear on the precise impact of their own decisions on each other's domains. In addition, administering a firewall requires making frequent, small changes to the configuration, effectively changing the firewall's security policy dynamically. Fortunately, a firewall, unlike many other security mechanisms, is well encapsulated. This leads us to an interesting proposal to firewall makers.

SENSE OF SECURITY:

Firewalls give people the feeling that their systems on the internal network are secure, which leads to a sense of complacency. People feel they can “relax.” Instead, the firewall has allowed access between the internal and external networks that users would normally feel a little less comfortable about. Ironically, internal network users should be even more concerned. The comfort provided by the firewall will tend to increase the flow of message traffic. The result is that all of the standard security precautions, e.g. running virus checkers on files that have been brought across the network, and being leery of e-mail that has been received from unknown sources, must be done with more consistency. The primary function of a firewall is to provide a buffer from external attack.
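
One way to check a rule list against the allowed data flows listed in the EXAMPLE section, which addresses the problem of translating between the security policy and the firewall implementation. This is an added example, not part of the original case study; the port numbers, the rule format and the sample rules are assumptions.

```python
# Audit permit rules against the example firewall's allowed data flows.
# Port numbers, rule format and the sample rules are assumptions.

# (protocol, port or ICMP type) -> destination the flow is limited to, or None
POLICY = {
    ("tcp", 25): None,             # e-mail in both directions (SMTP assumed)
    ("icmp", "echo"): "firewall",  # ping is allowed to the firewall only
    ("udp", 53): None,             # DNS requests, in-coming and out-going
    ("tcp", 53): None,
    ("tcp", 21): None,             # ftp; "non-anonymous" is not visible to a
                                   # port filter and needs a procedural check
    ("tcp", 80): None,             # World Wide Web (HTTP assumed)
    ("tcp", 443): None,            # World Wide Web (HTTPS assumed)
}

def audit(rules):
    """Return (rule id, reason) for each permit rule the policy does not cover."""
    findings = []
    for r in rules:
        if r["action"] != "permit":
            continue
        flow = (r["proto"], r["port"])
        if r["port"] == "any":
            findings.append((r["id"], "wildcard port admits flows outside the policy"))
        elif flow not in POLICY:
            findings.append((r["id"], f"{r['proto']}/{r['port']} is not an allowed data flow"))
        elif POLICY[flow] is not None and r["dst"] != POLICY[flow]:
            findings.append((r["id"], f"{r['proto']}/{r['port']} is allowed to {POLICY[flow]} only"))
    return findings

# Constructed rule list: rules 10-40 match the policy; rules 50-70 stand for
# the small later changes that shift the effective policy.
RULES = [
    {"id": 10, "action": "permit", "proto": "tcp",  "port": 25,     "dst": "mail-relay"},
    {"id": 20, "action": "permit", "proto": "udp",  "port": 53,     "dst": "any"},
    {"id": 30, "action": "permit", "proto": "icmp", "port": "echo", "dst": "firewall"},
    {"id": 40, "action": "permit", "proto": "tcp",  "port": 80,     "dst": "any"},
    {"id": 50, "action": "permit", "proto": "tcp",  "port": 23,     "dst": "lan"},
    {"id": 60, "action": "permit", "proto": "icmp", "port": "echo", "dst": "lan"},
    {"id": 70, "action": "permit", "proto": "tcp",  "port": "any",  "dst": "lan"},
    {"id": 99, "action": "deny",   "proto": "any",  "port": "any",  "dst": "any"},
]

if __name__ == "__main__":
    for rule_id, reason in audit(RULES):
        print(f"rule {rule_id}: {reason}")
```

Running the audit after every configuration change gives the policy maker a list of rules to approve or reject, rather than leaving the effective policy to drift.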
